Thus said Stuart Henderson on Wed, 30 Nov 2022 16:13:36 +0000: > It allows a much tighter pledge in the client, so less attack surface > against a bad server.
So it's to prevent a malicious SSH server from exploiting a client who choses to use ~C to open up the ssh> prompt and create or destroy tunnels? > Alternatively you can use connection multiplexing (which didn't > support ~C anyway) and run a separate ssh -L / -R, which will > establish an extra channel using the existing connection. I also already use connection multiplexing, so this might be an option, however, does this mean that I'll have to maintain an extra terminal just so I can open a new -L/-R or can I just login and logout and that will effectively open the channel on the master channel and then exit? I guess I'll have to experiment some. But I'll probably just turn on the new option whenever I encounter the lack of functionality. Thanks for the suggestion. Andy